Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

Burp Suite Enterprise Edition - hosting options

What options do you have for Burp Suite Enterprise Edition?

a person viewing a screen

Burp Suite Enterprise Edition is a distributed system that requires a combination of a centralized server and dedicated scanning machines to provide a reliable and scalable scanning solution. This means you can deploy Burp Suite Enterprise Edition in many ways to work best for your organization's requirements and existing architecture.

Choose from our hosting options below

PortSwigger Cloud hosted - quick and simple

The new standard. PortSwigger will host Burp Suite Enterprise Edition within its private, secure network, enabling you to get up and running with automated security testing in minutes.

  • Our dedicated platform team will handle all the deployment, configuration, and maintenance on your behalf. This allows you to focus on what you are good at, finding security vulnerabilities within your application portfolio.

  • Once you have purchased a license, all you need to do is register an account and configure a site, and you're ready to start scanning at scale.

  • Once your setup is up and running, it is easy to make adjustments if you find that your initial setup is causing a bottleneck. For example, suppose you want to increase the number of applications you can scan concurrently. In that case, we will automatically adjust your infrastructure to accommodate those changes once you have adjusted your license.

  • Our hosting infrastructure is designed to be highly available and easily scalable to facilitate your organization's scanning requirements.

  • Provides an accurate simulation of an external attacker targeting your web applications to give an actual test of your security defenses and where they might be vulnerable.

We recently published a blog post going into more detail about our new cloud hosting options; come and take a look

PortSwigger Cloud hosted - with an internal scanning machine

All the benefits of PortSwigger private cloud hosting, but with the additional ability to scan internal applications.

  • PortSwigger Cloud Hosted Burp Suite Enterprise Edition usually requires the target web application to be accessible online to perform a vulnerability scan.

  • This is unsuitable for internal applications and services, which could be potential weak points in your security profile.

  • Therefore, this option allows you to host a scanning agent within the boundaries of your private network so that your instance of Burp Suite Enterprise will instruct it to scan your application on its behalf and upload the results back to your instance for analysis and reporting.

  • This gives you all the benefits of a standard cloud installation, with the added capacity to target internal applications and improve the coverage of your testing efforts.

Architecture diagram

Burp Suite Enterprise Edition - hosted in PortSwigger cloud architecture diagram

Self-hosted - standard deployment

The original Burp Suite Enterprise Edition experience. Maintain complete control over your scanning infrastructure at a lower price point.

  • You host an Enterprise server and independent scanning machines on your internal systems with complete control over the installation, deployment, and configuration of the machines hosting it.

  • Control the number of web applications you want to be able to scan in parallel in line with your scanning requirements.

  • Schedule scans to occur at regular intervals or reactively scan your applications from your CI pipelines.

  • Full access to dashboards and reporting features to monitor and analyze your scan results in real-time.

  • Designed to scale with your organization quickly and efficiently.

Burp Suite Enterprise Edition - self hosted architecture diagram

Self-hosted - Kubernetes deployment

It is the same concept as the standard self-managed option, built explicitly for Kubernetes environments.

  • Like a self-managed standard deployment, you have complete control over the Enterprise installation and infrastructure.

  • This flavor allows you to deploy Burp Suite Enterprise edition to a Kubernetes cluster, which is ideal if your organization has a pre-existing Kubernetes-based infrastructure.

  • Configured to scale with demand automatically to handle fluctuating scanning requirements.

  • All features offered in other flavors are available, including CI-driven scanning, scheduling, and reporting functionality.

Burp Suite Enterprise Edition - self hosted Kubernetes architecture diagram

You deploy a Burp Suite Enterprise Edition container directly into your continuous integration build pipeline that automatically reacts to code changes and scans your applications in test environments before they hit production.

  • Like the cloud-hosted deployment option, PortSwigger will host the infrastructure to facilitate your scanning requirements.

  • However, this deployment option is a headless Burp Suite Enterprise Edition variant. In which scans are run reactively from code changes pushed to your CI pipeline and use the scanning configuration provided to the container.

  • This is ideal for Organizations that do not require the dashboard and scheduling features a standard Burp Suite Enterprise installation would provide.

  • It is also much easier to set up and maintain compared to a full Enterprise setup, as you do not need any additional computers to run the server and scanning machines. We handle any additional infrastructure you need, and a container provides much more flexibility with the hardware you have any existing infrastructure running on.